← Back

CVE-2022-22353

nvd nist
Published: Mar 14, 2022Modified: Nov 21, 2024

JSON object

Loading...
6.5
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 2.8 / Impact: 3.6
Source: NVD

Description

IBM Big SQL on IBM Cloud Pak for Data 7.1.0, 7.1.1, 7.2.0, and 7.2.3 could allow an authenticated user with appropriate permissions to obtain sensitive information by bypassing data masking rules using a CREATE TABLE SELECT statement. IBM X-Force ID: 220480.

Affected (4)

Products: Ibm: Big Sql
Ibm
1 product
Big Sql
Configuration A
1 vulnerable · 4 platform
Vulnerable SoftwareAffected Versions
Big Sql
Version 7.1.0
Running on/withPlatform Versions
Cloudera
Data Platform
Version 7.1.3
Cloudera
Data Platform
Version 7.1.4
Cloudera
Data Platform
Version 7.1.5
Cloudera
Data Platform
Version 7.1.7
Configuration B
1 vulnerable · 3 platform
Vulnerable SoftwareAffected Versions
Big Sql
Version 7.1.1
Running on/withPlatform Versions
Ibm
Cloud Pak For Data
Version 3.5
Ibm
Cloud Pak For Data
Version 3.5 refresh_1
Ibm
Cloud Pak For Data
Version 3.5 refresh_9
Configuration C
1 vulnerable · 3 platform
Vulnerable SoftwareAffected Versions
Big Sql
From 7.2.0 to 7.2.3
Running on/withPlatform Versions
Ibm
Cloud Pak For Data
Version 4.0
Ibm
Cloud Pak For Data
Version 4.0 refresh_1
Ibm
Cloud Pak For Data
Version 4.0 refresh_3
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Big Sql
Version 7.2.3
Running on/withPlatform Versions
Ibm
Cloud Pak For Data
Version 4.0 refresh_4

References (4)

Source: psirt@us.ibm.com
VDB EntryVendor Advisory
Source: psirt@us.ibm.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
VDB EntryVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.